Poland says hackers infiltrate water treatment plant, says US faces same threat

Poland’s intelligence agency said it had detected attacks on five water treatment plants that could, in a worst-case scenario, allow hackers to take control of industrial equipment inside, including tampering with the security of water supplies.

This story has implications beyond Poland’s borders, as U.S. water infrastructure has faced similar threats in recent years. In 2021, hackers temporarily gained access to a water treatment facility in Oldsmar, Florida, attempting to dangerously increase levels of sodium hydroxide, a corrosive chemical. Since then, the FBI and the U.S. Cybersecurity and Infrastructure Security Agency have warned that water utilities remain a soft target for foreign hackers.

On Friday, the country’s top intelligence agency, Poland’s Internal Security Service, released a report covering its activities and the threats the country faced over the past two years. According to the report, Polish intelligence services have thwarted several sabotage attempts by Russian government spies and hackers targeting military installations, critical infrastructure (critical systems such as power grids, water and transportation networks), as well as civilians. The report said the attacks may have resulted in fatalities.

“The most serious challenge remains the subversive activity against Poland inspired and organized by Russian intelligence services. This threat was (and remains) real and imminent. This requires total mobilization,” the report said.

The report did not say whether the hackers behind the attack on the water treatment facility were Russian government spies. But Poland has recently been the target of infrastructure attacks by Russian government hackers, including a failed attempt to take down the country’s energy grid. The breach was later determined to be due to poor security controls at the targeted facility.

Poland’s experience is part of a growing global pattern of attacks on water and energy infrastructure. Just last month, a joint advisory from the Cybersecurity and Infrastructure Security Agency, the FBI, the NSA, and several other federal agencies warned that Iranian-backed hackers were actively targeting programmable logic controllers at U.S. utilities, the industrial computers that run water and energy facilities. The same Iranian hacker group CyberAv3ngers broke into the digital control panels of several U.S. water treatment facilities in Pennsylvania in 2023, an attack that federal agencies linked to the escalation of hostilities in the Middle East.

In other words, the attack on Poland is not unique and follows a strategy that the Russian government uses not only in war zones such as Ukraine, but also against Western countries it considers long-time enemies. According to Polish intelligence, the plan is to destabilize and weaken the West, and cyberattacks and cyberespionage are just tools in a larger toolkit for the Putin regime.